Efficient Formal Verification in Banking Processes

Antonella Santone, Dipartimento di Ingegneria, Università degli Studi del Sannio, Italy; e-mail: santone@unisannio.it
Valentina Intilangelo; e-mail: intivale@hotmail.it
Domenico Raucci, Dipartimento di Economia, Università degli Studi di Chieti-Pescara; e-mail: d.raucci@unich.it

Abstract—Model checking is a widely used method for verifying concurrent and distributed systems, traditionally applied to computer system design. We examine the applicability of model checking to the validation of business processes that are mapped through workflow management systems. In the business domain, model checking is still not widely used. One reason is the state explosion problem: the state space grows exponentially in the number of concurrent processes. In this paper we consider a property-based methodology developed to combat the state explosion problem. Our focus is twofold: first, we show how model checking can be applied in the context of business modelling and analysis; second, we evaluate and test the property-based methodology using as a case study a real-world banking workflow for a loan origination process. Our investigation suggests that the business community, especially in the banking field, can benefit from this efficient methodology developed in formal methods: it can detect errors missed by traditional verification techniques and, being cost-efficient, it can be adopted as a standard quality assurance procedure. We show and discuss the experimental results obtained.

Keywords-Business Process Management; Formal Methods; CCS; Workflow Verification; Banking Process.

I. INTRODUCTION

The application of formal techniques consists of an algorithmic approach to the verification of systems that can be represented by a formal model. Several techniques for formal verification have been developed over the past three decades, among them model checking.
In the model checking framework, systems are modelled as transition systems and requirements are expressed as formulae in a temporal logic. A model checker accepts two inputs, a system described, for example, in a process-algebraic notation and a temporal formula, and returns "true" if the system satisfies the formula and "false" otherwise. Model checking is a promising technique for the improvement of software quality. However, it requires detailed specifications of systems and requirements, and is therefore not very accessible, above all in certain restricted fields of application. One of these domains is business process management. In particular, we examine the applicability of model checking to the validation of business processes that are mapped through workflow management systems. This formal method, however, is still not widely used in the domain of business process management. One reason is the state explosion problem: the state space grows exponentially in the number of concurrent processes. In fact, the parallelism between the processes of the system leads to a number of reachable states which may become very large, in some cases on the order of millions or billions of states. When the number of states is too large to fit in a computer's main memory, verification quickly breaks down. We came across the state explosion problem in the business process considered here. Specifically, the problem emerged from a first modelling of the banking process, in which the excessive number of parallel processes made verification with a standard model checker impracticable. Several approaches have been developed to solve or reduce the state explosion problem. To combat it, in this paper we consider a methodology which is based on the property to be checked. Often the property one wants to check does not concern the whole transition system, but only some parts of it.
An approach to reducing the number of states is the definition of suitable abstraction criteria by means of which a smaller transition system can be obtained, including only the parts that "influence" the property. In [1] a temporal logic called selective mu-calculus is proposed; its characteristic is that each formula immediately points out the parts of the transition system that do not alter the truth value of the formula itself. In particular, given a formula φ of the selective mu-calculus, only the transitions labelled by the actions syntactically occurring in φ have to be considered. In [2] a methodology is proposed based on the selective mu-calculus and on systems specified using Milner's Calculus of Communicating Systems (CCS) [3], one of the most well known process algebras, widely used for modelling concurrent and distributed systems. Given a formula in the selective mu-calculus, the CCS process is syntactically transformed into a smaller one (corresponding to a reduced transition system), where the reduction is driven by the formula to be checked. The formula is then checked on the reduced transition system. A prototype tool has been defined implementing the methodology.
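To make the formula-driven reduction concrete, here is an added Python illustration (not the paper's prototype tool, and not the full selective mu-calculus): a constructed loan-origination transition system is reduced by hiding every action that does not occur in the formula and merging states linked only by hidden steps, and an existential "possibly" property over the formula's actions is checked on both the original and the reduced system. The state names, actions and the restriction to existential sequence properties are assumptions of this example; the CCS-level syntactic transformation and universal modalities are simplified away.

```python
from collections import deque

# Constructed toy LTS of a loan-origination workflow (not the paper's model):
# state -> [(action, next_state), ...]. Credit and income checks interleave.
LTS = {
    "s0": [("request", "s1")],
    "s1": [("check_credit", "s2"), ("check_income", "s3")],
    "s2": [("check_income", "s4")], "s3": [("check_credit", "s4")],
    "s4": [("approve", "s5"), ("reject", "s6")],
    "s5": [("log", "s7")], "s7": [("disburse", "s8")], "s8": [],
    "s6": [("log", "s9")], "s9": [("notify", "s10")], "s10": [],
}

def hidden_closure(lts, states, keep):
    """States reachable from `states` using only actions NOT in `keep`."""
    seen, work = set(states), deque(states)
    while work:
        s = work.popleft()
        for action, t in lts.get(s, []):
            if action not in keep and t not in seen:
                seen.add(t)
                work.append(t)
    return frozenset(seen)

def reduce_lts(lts, init, keep):
    """Formula-driven reduction: merge hidden-linked states, keep only `keep` transitions."""
    start = hidden_closure(lts, {init}, keep)
    reduced, work = {start: []}, deque([start])
    while work:
        block = work.popleft()
        for a in sorted(keep):  # only actions occurring in the formula survive
            targets = {t for s in block for act, t in lts.get(s, []) if act == a}
            if targets:
                nxt = hidden_closure(lts, targets, keep)
                reduced[block].append((a, nxt))
                if nxt not in reduced:
                    reduced[nxt] = []
                    work.append(nxt)
    return reduced, start

def possibly(lts, start, seq, keep):
    """Existential check: some run performs `seq` in order with only hidden steps between."""
    current = hidden_closure(lts, {start}, keep)
    for a in seq:
        targets = {t for s in current for act, t in lts.get(s, []) if act == a}
        if not targets:
            return False
        current = hidden_closure(lts, targets, keep)
    return True
```

For the formula whose actions are {approve, disburse}, the 11-state system collapses to 3 states, and the check "approve can be followed by disburse" gives the same answer on both systems; the same code works on the reduced system because its keys are the merged state blocks.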